While convenient, mobile devices on your network can pose a risk to your business.
Phones in the office are threatening your business and you may not even realize it.
Whether used as a POS device, storing and accessing sensitive data, or even making calls, mobile devices are being used more frequently in the office space. Here are some reasons why:
To many companies, the rise of mobile devices is a great thing. Business can be done quicker, more efficiently, and with less paperwork.
But there’s also a downside to mobile devices, and that’s malware. Hackers are constantly working to steal data from mobile phones and tablets. You’ve probably seen examples of mobile device malware and these attacks in the news. And the attacks are becoming more and more common.
See also: Securing Mobile Devices with Mobile Encryption
Mobile devices in general aren’t as secure as computers. The same security measures that companies use for workstations and servers usually aren’t in place for mobile devices. Because of this, mobile devices may not be protected by things like firewalls, encryption, or antivirus software.
Yet more employees are using mobile devices to gain access to sensitive information. This puts their company more at risk for data theft.
See also: Top 5 Security Vulnerabilities Every Business Should Know
Most businesses have corporate resources available from employee devices. Should any of these devices be compromised by malware, sensitive information could be captured.
A lot of the risk depends on how your mobile environment is set up and how your employees can access sensitive data. Unless you have policies and controls in place regarding mobile devices, your employees are probably accessing sensitive information from their mobile devices, information that can be stolen by malware.
But how does the malware get on your phone? Here are 5 ways your mobile device can get malware.
See also: Stop Looking for a Mobile Security Standard
See also: White Paper: 5 Tips for HIPAA Compliant Mobile Devices
The most common method hackers use to spread malware is through apps and downloads.
The apps you get at an official app store are usually safe, but apps that are “pirated,” or come from less legitimate sources often also contain malware. These are apps that appear to be legitimate, but instead contain spyware or other types of malware.
Occasionally an app with malware will make it through to an official app store. One recent example is InstaAgent, an app that stole Instagram user credentials and sent them to a third-party server without the knowledge of the user. These apps are usually discovered and taken care of quickly, but they illustrate what can happen.
Sometimes developers will use pirated development tools, which have been compromised. Everything developed using these tools will then contain malicious code, which may steal sensitive data or damage the mobile device.
Be choosy when downloading apps, and download only from reputable app stores. That usually prevents you from coming across malware-infected apps.
WATCH: How to Know if an App is Secure
Often the mobile device itself may have vulnerabilities that hackers can exploit. Usually these vulnerabilities are discovered fairly quickly and patched up, but if you’re not regularly updating the software on your phone, your device will be vulnerable.
It’s critical to keep your mobile device up to date just like any other computer, or hackers can exploit those discovered vulnerabilities.
More employees are using their phones to look at and answer corporate email, which is a way hackers can install malware on your phone.
Here’s an example: you receive an email that says you’ve won something (a tablet, a vacation, etc). You open the email and click on the link, and nothing happens, or you’ve been taken to a dummy site. But malware was downloaded and installed on your phone. The data on your phone may now be exposed to that hacker.
Just like on your computer, avoid opening suspicious emails on your phone.
See also: 7 Ways to Recognize a Phishing Email
If you’re accessing insecure websites, you run the risk of exposing sensitive data transmitted from your device. You’re also more susceptible to man-in-the-middle attacks, and being exposed to malware. Avoid using insecure websites and Wi-Fi networks, and consider using antivirus protection and a VPN on your phone to secure Wi-Fi communication.
The browser itself on your phone could also be a source of vulnerabilities. This can lead to web browser attacks. Attacks like these are more common on android devices. Make sure you have the most current version of whatever browser you use.
You may get a text message or a voicemail from what appears to be a legitimate source asking for personal information either about you or your device.
Hackers often use this information to steal whatever data they can, including social security numbers, credit card data, etc. They may even be able to use it to make a targeted attack to install malware on your phone.
Whenever you get a text like this, call the company on their legitimate phone and verify with them. Never give out sensitive information through a text. Sometimes even replying to a text can be dangerous, so you should immediately delete any suspicious texts and attempt to contact the company directly.
See also: Reverse Phone Lookup
The good news is while your mobile device may be at risk for being infected by malware, there are some easy things you can do to avoid it. Here are some ways to protect your phone and other devices from malware:
When it comes to data security, you need to treat mobile devices the same way you treat servers and other computers. Hackers are constantly finding new ways to steal information from mobile devices.
Even though mobile devices can be hard to fit into a traditional network or data security model, they need to be considered. It's critical to include them in your information security planning!
.svg)
